Posted on 11-08-2022 03:05 AM
Hello,
I am just starting with Jamf and was wondering if there is a way to put the different options in a configuration profile in an order set by me.
Here's what I mean:
We are trying to deploy a profile with 2 options:
- Network, with PEAP configured to 'any ethernet'
- Certificate with, well. A certificate.
Our intention is to have users authenticate on the login screen, so they don't receive any additional pop ups. So far it looks like it works just fine, when the certificate is on the machine.
However, because I deploy both the certificate and the network configuration in the same profile, it looks like sometimes the network part applies before the certificate is installed, which causes a pop-up with 'choose certificate' to appear.
So the question is - is there a way to deploy both options in 1 configuration profile, but delay the network part until the certificate is installed?
If not, is there maybe any other way to achieve what we are trying to do?
Thanks in advance
Posted on 11-08-2022 08:43 AM
Hello. The certificate: is it a machine certificate or a user-based certificate (e.g. smart badge, YubiKey)?
Posted on 11-09-2022 01:08 AM
Hello,
It's a machine-based certificate.
11-08-2022 01:08 PM - edited 11-08-2022 01:09 PM
The only way to do this is via a smart group which has criteria to check if the first profile is installed.
#!/bin/sh
# $4 = name of the profile to look for
profiles=$(profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4")
# awk keeps the space that follows "name:", hence the leading space in " $4"
if [ "$profiles" = " $4" ]; then
    echo "Profile exists"
else
    echo "Profile does not exists"
fi
exit 0
You can put $4 for the profile name.
Then scope the second profile to that smart group.
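A stricter variant of the check in the post above, as an added example that is not part of the original thread: it compares the whole profile name, so a partial match or a second, similarly named profile cannot give a wrong answer, and it wraps the output in the `<result>` tags a Jamf extension attribute reports. The profile names and the sample `profiles -C -v` output are constructed, following the `attribute: name:` line format the posted script assumes.

```shell
#!/bin/sh
# Added example (not from the thread): exact-match check for an installed profile.
# profile_installed reads `profiles -C -v` style output on stdin; $1 = profile name.
profile_installed() {
    awk -v want="$1" '
        /attribute: name: / {
            name = $0
            sub(/^.*attribute: name: /, "", name)   # keep only the text after the label
            sub(/[ \t]+$/, "", name)                # drop trailing whitespace
            if (name == want) found = 1             # whole-name comparison, no substrings
        }
        END { exit(found ? 0 : 1) }
    '
}

# Print the answer wrapped in extension-attribute <result> tags.
report() {
    if profile_installed "$1"; then
        echo "<result>Profile exists</result>"
    else
        echo "<result>Profile does not exist</result>"
    fi
}

# Constructed sample output: two profiles whose names share a prefix.
sample_output() {
cat <<'EOF'
_computerlevel[1] attribute: name: Machine Certificate
_computerlevel[1] attribute: profileIdentifier: 00000000-EXAMPLE-1
_computerlevel[2] attribute: name: Machine Certificate - Test
_computerlevel[2] attribute: profileIdentifier: 00000000-EXAMPLE-2
EOF
}

# On a managed Mac, run as root: profiles -C -v | report "Machine Certificate"
sample_output | report "Machine Certificate"
```

With the constructed sample, a `grep`-based check returns two lines for "Machine Certificate" and the string comparison fails even though the profile is installed; the whole-name comparison avoids that.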
Posted on 11-09-2022 01:44 AM
Hello,
Just for clarification - I have to break my 2-option profile into 2 separate profiles, one with the certificate and the other with the network configuration. Then, I link the first profile normally, and the second one via a smart group with criteria as mentioned above? Do I get it right?
Posted on 11-09-2022 04:20 AM
UPDATE:
We tested with breaking my profile into 2 separate ones, and it looks like it won't authenticate anymore.
When I deploy everything together, I can choose 'trusted certificate', since it's all in 1 profile.
In the 2-profile solution I cannot do that (I can put 'certificate common name' under 'Trusted Server Certificate Names', but it's not the same and won't work).
Is there any workaround here?
Posted on 11-14-2022 11:42 AM
I strongly recommend keeping unrelated things in separate configuration profiles. The certificate should drop in its own configuration profile, probably one that installs at enrollment. Then the network configuration profile can run later, and the certificate is already on the machine.